https://bugs.freedesktop.org/show_bug.cgi?id=98894
--- Comment #7 from Christian Stadelmann <frds...@genodeftest.de> ---
(In reply to Vladimir Stoiakin from comment #6)
> I am not a developer, so my suggestion can be naive.
> What about to use simple password authentication for apps?
> For example, some user wants to record a screencast. He sends a request to a
> compositor with a public API. The compositor allows to do it (if configured
> so), generates a one-time secret password, and draws it in the final screen
> buffer. The user reads the password on the screen, and enters it in the
> program which is going to do the job. With this password the program can
> start recording.
> In this scenario the user knows exactly which program will get access to the
> screen (he relies on the shell which starts user programs), and the process
> of recording can be fully controlled by the compositor.
In the modern world of software development, the goal is to have unobtrusive
"authentication" through implicit actions, at least for compartmentalization on
desktops. Take any application, for example a web browser. Let's assume this
application is somehow confined (e.g. using bwrap/flatpak or running under a
different user ID as on android) and is not allowed to access your files by
default. Sometimes, you want it to get access to your files, e.g. to open or
save a document. This happens through the file chooser: If you choose a file
using the file chooser it is assumed that you want this application to access
the selected document, so access is granted for that file/folder. This is
called a portal.
In case you are interested in this technology, please have a look at
https://github.com/flatpak/xdg-desktop-portal/ and also this great explanation
by Alexander Larsson:
https://blogs.gnome.org/alexl/2017/01/24/the-flatpak-security-model-part-3-the-long-game/
For the example above, this portal is called FileChooser portal.
This bug report is asking to add an API to the wayland protocol so that clients
(applications) can request to take a screenshot and the compositor / desktop
shell can decide whether to grant this request. It is also (more importantly)
about adding one API for any wayland compositor so that client application
developers don't have to write separate code for every single compositor they
want to support. Btw: xdg-desktop-portal already has an API for a Screenshot
and a ScreenCast portal which may be interpreted as a fix to this bug. It also
fixes the issues raised by Pekka Paalanen in comment #1. See also the comment
#4 by Jonas Ã…dahl.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
wayland-bugs mailing list
wayland-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/wayland-bugs
